[Samba] Domain Admins
Golden Butler
golden at cnt.org
Thu May 25 01:51:03 GMT 2006
Also,
Is it necessary to group map groups you're using in samba? For example:
ntgroup "marketing" --> unix group "marketing"
ntgroup "sales" --> unix group "sales"
What are pros and cons to doing this, or is it optional?
-- Delamatrix _____
From: Neil Muller [mailto:neil at neologix.net.au]
To: Golden Butler [mailto:golden at cnt.org]
Cc: Samba Mailing List [mailto:samba at lists.samba.org]
Sent: Wed, 24 May 2006 19:22:48 -0500
Subject: Re: [Samba] Domain Admins
Golden Butler wrote:
> Hi,
>
> I'm trying to set up one of my users to be a domain admin. I have
> unix/ldap group called "domainadm" with "user1" a member of the group.
> When I run "net groupmap list" I get the following:
>
> Domain Admins (S-1-5-21-186220259-3826000728-3192352269-7033) -> domainadm
>
> But when I go to log in to the domain with "user1" on a winxp machine,
> the user isn't able to make administrative changes to the computer.
>
> Is there something I'm doing wrong?
>
> - Delamatrix
>
> SLES9-SP3
> Samba 3.0.20b
> Openldap
>
I think you may need to check the rid you have used for the Domain
Admins group. According to
http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/groupmapping.html
this is one of the well known rids which must be maintained for correct
functioning of the NT groups systems. You have a rid of 7033 and I think
it should be 512.
Neil
--
email: neil at neologix.net
More information about the samba
mailing list